Set up Linux server to use Exchange server as relay - linux

It used to work, but out of the blue it stopped sending mail. I thought I had set everything up in both Linux and Exchange to function correctly, but we're not receiving the emails, internally or externally.
I'm not that knowledgeable about Linux, so I use Webmin to get around.
So, we have our shopping cart and online forms on the Linux server, which emails users confirmations and such. It won't receive any mail, so I don't need to worry about that. It only sends mail out, both inside our network and outside. Here is a recent addition to the mail log:
Dec 6 11:51:04 istalinux2 sendmail[1696]: rB6Gp4lr001696: from=www-data, size=246, class=0, nrcpts=1, msgid=, relay=www-data#localhost
Dec 6 11:51:05 istalinux2 sm-mta[1697]: rB6Gp4hY001697: from=, size=485, class=0, nrcpts=1, msgid=, proto=ESMTP, daemon=MTA-v4, relay=localhost [127.0.0.1]
Dec 6 11:51:05 istalinux2 sendmail[1696]: rB6Gp4lr001696: to="John Smith" jsmith#ista-in.org, ctladdr=www-data (33/33), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30246, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (rB6Gp4hY001697 Message accepted for delivery)
Dec 6 11:51:05 istalinux2 sm-mta[1699]: rB6Gp4hY001697: to=jsmith#ista-in.org, delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=120485, relay=10.20.51.30, dsn=5.1.2, stat=Host unknown (Name server: 10.20.51.30: host not found)
Dec 6 11:51:05 istalinux2 sm-mta[1699]: rB6Gp4hY001697: to=www-data#istalinux2.ista-in.org, delay=00:00:01, mailer=local, pri=120485, dsn=5.1.1, stat=User unknown
Dec 6 11:51:05 istalinux2 sm-mta[1699]: rB6Gp4hY001697: rB6Gp5hY001699: postmaster notify: User unknown
Dec 6 11:51:05 istalinux2 sm-mta[1699]: rB6Gp5hY001699: to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30000, dsn=2.0.0, stat=Sent
I have a receive connector set up in Exchange to receive incoming mail from our Linux server and pass it through.
I am using sendmail on Linux, but I honestly don't care how it's set up, as long as it works and doesn't break, lol. Please help me make sure all my settings in Linux are correct ... and keep in mind that I am NOT a Linux guy.

The problem seems to be this part:
relay=10.20.51.30, dsn=5.1.2, stat=Host unknown (Name server: 10.20.51.30: host not found)
I assume that 10.20.51.30 is the IP address of your Exchange server. Now, without seeing the actual configuration files it's a bit hard to find out what you did wrong, but normally, when you specify a mail relay, you have to use either a) a real DNS name, not an IP, or b) enclose the IP in [] brackets, just like the line before that one, which says relay=[127.0.0.1].
Try enclosing the 10.20.51.30 in [] brackets, or use the name of the Exchange server instead of the IP, and make sure your DNS server can resolve that name.
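The bracket rule in the answer, as an added example (not the poster's configuration or sendmail's own code): a Python check that reads the SMART_HOST definition from sendmail.mc and the failing delivery line, and flags a bare IP that sendmail would look up as a host name. The sendmail.mc lines and the log line (with '@' restored) are constructed samples.

```python
import ipaddress
import re

# Constructed samples: the failing delivery line from the question and a
# sendmail.mc SMART_HOST definition in the broken and the working form.
LOG_LINE = ("Dec 6 11:51:05 istalinux2 sm-mta[1699]: rB6Gp4hY001697: to=jsmith@ista-in.org, "
            "delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=120485, relay=10.20.51.30, "
            "dsn=5.1.2, stat=Host unknown (Name server: 10.20.51.30: host not found)")
MC_BAD = "define(`SMART_HOST', `10.20.51.30')dnl"
MC_GOOD = "define(`SMART_HOST', `[10.20.51.30]')dnl"

FIELD_RE = re.compile(r"(\w+)=([^,]+)")
SMART_RE = re.compile(r"define\(`SMART_HOST',\s*`([^']*)'\)")

def parse_status(line):
    """Split a sendmail/sm-mta delivery line into its key=value fields."""
    return dict(FIELD_RE.findall(line.split(": ", 2)[-1]))

def is_bare_ip(value):
    """True for a dotted IP written without brackets."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def is_literal_address(relay):
    """sendmail takes a relay literally only when written as [IP];
    a bare IP is treated as a host name and looked up in DNS."""
    return relay.startswith("[") and relay.endswith("]") and is_bare_ip(relay[1:-1])

def check_smart_host(mc_text):
    """Return a problem description for the SMART_HOST line, or None if it is fine."""
    m = SMART_RE.search(mc_text)
    if not m:
        return "no SMART_HOST defined: mail goes out via MX lookup, not through Exchange"
    host = m.group(1)
    if is_bare_ip(host):
        return f"SMART_HOST {host} is a bare IP; write it as [{host}] to skip the DNS lookup"
    return None

def diagnose(log_line):
    """Explain a permanent 'Host unknown' failure whose relay is a bare IP."""
    f = parse_status(log_line)
    if f.get("dsn", "").startswith("5.") and is_bare_ip(f.get("relay", "")):
        return f"permanent failure: sendmail tried to resolve relay {f['relay']} as a host name"
    return "no bare-IP relay problem in this line"
```

After changing the definition, regenerate sendmail.cf from sendmail.mc (m4, or the distribution's make/sendmailconfig wrapper) and restart sendmail.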

Related

Denyhosts on Centos7 option DENY_THRESHOLD_INVALID does not work

Using CentOS 7 and DenyHosts 2.9, I noticed some strange behavior.
My config is set to:
DENY_THRESHOLD_INVALID = 3
DENY_THRESHOLD_VALID = 10
Which, in my understanding, means: after 3 failed login attempts for NON-EXISTING users from host X, deny that host.
After 10 failed login attempts for EXISTING users from host X, deny that host.
While the latter works just fine, the DENY_THRESHOLD_INVALID = 3 setting does not work.
What I noticed is that in /var/log/secure, which DenyHosts parses, logins from non-existing accounts and logins from accounts that exist but are using the wrong password are handled differently.
Aug 10 12:32:42 ftp sshd[27176]: Invalid user adminx from xxx.128.30.135 port 42800
Aug 10 12:32:42 ftp sshd[27176]: input_userauth_request: invalid user adminx [preauth]
Aug 10 12:32:42 ftp sshd[27176]: Connection closed by xxx.128.30.135 port 42800 [preauth]
vs.
Aug 10 12:33:46 ftp sshd[27238]: Failed password for exchange from xxx.128.30.135 port 42802 ssh2
Does anyone know if DenyHosts has problems parsing the /var/log/secure file on CentOS with non-existing accounts vs. existing accounts that use wrong passwords?
The DenyHosts debug log also does not say anything. It seems to ignore the login attempts from non-existent users.
Any help would be appreciated. Thanks.
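The two log shapes in this post and the two thresholds, as an added example (not DenyHosts code): a Python classifier that counts "Invalid user ... from" lines against DENY_THRESHOLD_INVALID and "Failed password for <existing user>" lines against DENY_THRESHOLD_VALID. The sample lines and the 192.0.2.x addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the two shapes shown in the post (192.0.2.x are
# documentation addresses standing in for the masked xxx.128.30.135).
SAMPLE = [
    "Aug 10 12:32:42 ftp sshd[27176]: Invalid user adminx from 192.0.2.10 port 42800",
    "Aug 10 12:32:42 ftp sshd[27176]: input_userauth_request: invalid user adminx [preauth]",
    "Aug 10 12:32:42 ftp sshd[27176]: Connection closed by 192.0.2.10 port 42800 [preauth]",
    "Aug 10 12:32:50 ftp sshd[27180]: Invalid user test from 192.0.2.10 port 42810",
    "Aug 10 12:32:55 ftp sshd[27184]: Invalid user oracle from 192.0.2.10 port 42812",
    "Aug 10 12:33:46 ftp sshd[27238]: Failed password for exchange from 192.0.2.20 port 42802 ssh2",
    "Aug 10 12:33:50 ftp sshd[27240]: Failed password for exchange from 192.0.2.20 port 42804 ssh2",
]

# One 'Invalid user' line is logged per connection, even when the client hangs
# up before sending a password (the post's case), so that is the line to count.
INVALID_RE = re.compile(r"sshd\[\d+\]: Invalid user \S+ from (\S+)")
# 'Failed password for <user>' means an existing account; the 'for invalid user'
# variant is skipped because its connection was already counted above.
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?!invalid user )\S+ from (\S+)")

def classify(line):
    """Return ('invalid', ip) or ('valid', ip) for a failed login line, else None."""
    m = INVALID_RE.search(line)
    if m:
        return "invalid", m.group(1)
    m = FAILED_RE.search(line)
    if m:
        return "valid", m.group(1)
    return None

def hosts_to_deny(lines, deny_threshold_invalid=3, deny_threshold_valid=10):
    """Apply the two DenyHosts-style thresholds and return the hosts to block."""
    counts = {"invalid": Counter(), "valid": Counter()}
    for line in lines:
        hit = classify(line)
        if hit:
            kind, ip = hit
            counts[kind][ip] += 1
    denied = {ip for ip, n in counts["invalid"].items() if n >= deny_threshold_invalid}
    denied |= {ip for ip, n in counts["valid"].items() if n >= deny_threshold_valid}
    return sorted(denied)
```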

Stop spammers from relaying via sendmail?

For the life of me I cannot figure out how spammers are sending mail through my server with relaying off. I'm running Sendmail 8.14.7 on Slackware Linux 14.1. The spammers have not figured out a user's password and are therefore logging in first via SASL with AUTH LOGIN, or I would see that in the log.
Here's an example from my logs, a spammer/bot from 182.234.55.47. Off the top of someone's head, what would allow this? Any IP randomly in the world can do this, yet when I try it sendmail says "relaying denied...". I could not be more lost. I firewall them, but it happens again an hour later from a different IP.
Feb 23 12:18:44 server sendmail[28315]: t1NHIIgY028315: <-- MAIL FROM: <re>
Feb 23 12:18:44 server sendmail[28315]: t1NHIIgY028315: --- 250 2.1.0 <re>... Sender ok
Feb 23 12:18:45 server sendmail[28315]: t1NHIIgY028315: <-- RCPT TO: <htucker566#gmail.com>
Feb 23 12:18:45 server sendmail[28315]: t1NHIIgY028315: --- 250 2.1.5 <htunhtunnaing.goldpot#gmail.com>... Recipient ok
Feb 23 12:18:47 server sendmail[28315]: t1NHIIgY028315: <-- DATA
Feb 23 12:18:47 server sendmail[28315]: t1NHIIgY028315: --- 354 Enter mail, end with "." on a line by itself
Feb 23 12:18:48 server sendmail[28315]: t1NHIIgY028315: from=<re>, size=496, class=0, nrcpts=5, msgid=<B3BE0AC12425C02A1FB8C9201EE5CB9E#jyvicegy>, proto=ESMTP, daemon=MTA, relay=host-47.55-234-182.cable.dynamic.kbtelecom.net [182.234.55.47]
Feb 23 12:18:48 central sendmail[28315]: t1NHIIgY028315: --- 250 2.0.0 t1NHIIgY028315 Message accepted for delivery
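As an added example, not from the post, a Python pass over sendmail's session log that flags a queue ID as relaying evidence when the connecting client is outside the trusted networks and a non-local recipient was accepted. The sample log is constructed from the posted lines (with '@' and the documentation address 192.0.2.47 substituted); local_domains and trusted_nets are assumed inputs.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the posted session plus one legitimate internal session.
SAMPLE_LOG = """\
Feb 23 12:18:44 server sendmail[28315]: t1NHIIgY028315: <-- MAIL FROM: <re>
Feb 23 12:18:44 server sendmail[28315]: t1NHIIgY028315: --- 250 2.1.0 <re>... Sender ok
Feb 23 12:18:45 server sendmail[28315]: t1NHIIgY028315: <-- RCPT TO: <htucker566@gmail.com>
Feb 23 12:18:45 server sendmail[28315]: t1NHIIgY028315: --- 250 2.1.5 <htucker566@gmail.com>... Recipient ok
Feb 23 12:18:48 server sendmail[28315]: t1NHIIgY028315: from=<re>, size=496, class=0, nrcpts=5, msgid=<x@jyvicegy>, proto=ESMTP, daemon=MTA, relay=host-47.cable.example.net [192.0.2.47]
Feb 23 12:18:48 server sendmail[28315]: t1NHIIgY028315: --- 250 2.0.0 t1NHIIgY028315 Message accepted for delivery
Feb 23 12:20:01 server sendmail[28400]: t1NHK1aa028400: --- 250 2.1.5 <bob@example.org>... Recipient ok
Feb 23 12:20:02 server sendmail[28400]: t1NHK1aa028400: from=<alice@example.org>, size=300, class=0, nrcpts=1, msgid=<y@example.org>, proto=ESMTP, daemon=MTA, relay=pc1.example.org [10.0.0.5]
"""

QID_RE = re.compile(r"sendmail\[\d+\]: (\w+): (.*)$")
RCPT_OK = re.compile(r"--- 250 2\.1\.5 <([^>]+)>\.\.\. Recipient ok")
RELAY_RE = re.compile(r"relay=\S+ \[([0-9.]+)\]")

def find_relayed(log, local_domains, trusted_nets):
    """Return {queue id: (client ip, external recipients)} for sessions where an
    untrusted client had a non-local recipient accepted, i.e. relaying."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    rcpts, client = defaultdict(list), {}
    for line in log.splitlines():
        m = QID_RE.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        r = RCPT_OK.search(rest)
        if r:
            rcpts[qid].append(r.group(1))
        r = RELAY_RE.search(rest)
        if r and rest.startswith("from="):   # the envelope line names the client
            client[qid] = r.group(1)
    hits = {}
    for qid, ip in client.items():
        if any(ipaddress.ip_address(ip) in n for n in nets):
            continue
        ext = [a for a in rcpts[qid] if a.rsplit("@", 1)[-1].lower() not in local_domains]
        if ext:
            hits[qid] = (ip, ext)
    return hits
```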

FTP user getting locked - What to check?

This time I have another question. This one is related to FTP. We have an ftp server say 127.0.0.2. The application server is on ip say 127.0.0.1. From the application server, we connect to the FTP server every 10 minutes and pull or push certain files in the INWARD and OUTWARD folders respectively.
The ftp server is running linux with the following details:
-bash-3.2$ uname -n
ftpserver.companyname.com
-bash-3.2$ uname
Linux
-bash-3.2$ uname -r
2.6.18-308.13.1.el5
The problem is that the FTP user gets locked automatically on a random basis. Random meaning really random... This instant it is working, but within the next 15 seconds it will get locked, triggering an alert and thus requiring user intervention to get it unlocked.
To check when the locking is happening, we wrote a monitoring shell script to check the FTP connection every 15 seconds. This script will only connect to the FTP machine and quit. If everything is ok, it will not do anything, but if the connection fails it will mail the stakeholders with the FTP log.
SCRIPT >>
# FTP_HOST, FTP_USER, FTP_PASSWD and FTP_LOG are set earlier in the monitoring script
ftp -niv "$FTP_HOST" <<END_SCRIPT > "$FTP_LOG"
quote USER $FTP_USER
quote PASS $FTP_PASSWD
quit
END_SCRIPT
Now if we see the log generated from the script, we can see the below information:
LOG >>
::::: DATE/TIME = Wed Apr 23 17:35:00 UTC 2014 :::::
Step 1 complete : Initialised log file ~/ftp_support_23_Apr_2014.log
Step 2 complete : Completed check for ftp login
FTP connection to 127.0.0.2 is ok.
Step 3 completed. Deleted ftp.log
::::: DATE/TIME = Wed Apr 23 17:35:15 UTC 2014 :::::
Step 1 complete : Initialised log file ~/ftp_support_23_Apr_2014.log
Step 2 complete : Completed check for ftp login
FTP user username is locked on 127.0.0.2.
Step 3 completed. Deleted ftp.log
----- SAME OUTPUT AS ABOVE EVERY 15 SECONDS TILL USER IS UNLOCKED ------
Here the ftp user was unlocked by the SA.
::::: DATE/TIME = Wed Apr 23 17:41:40 UTC 2014 :::::
Step 1 complete : Initialised log file ~/ftp_support_23_Apr_2014.log
Step 2 complete : Completed check for ftp login
FTP connection to 127.0.0.2 is ok.
Step 3 completed. Deleted ftp.log
Now the question that we all have is what could have happened in 15 seconds causing the user to get locked? At 17:35:00 UTC the connection is ok, at 17:35:15 UTC, the connection goes dead. The log which is mailed to the stake holders is as below -
MAILED FTP LOG >>
Connected to 127.0.0.2.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
331 Please specify the password.
530 Login incorrect.
221 Goodbye.
Now we know for sure that the password is read from an encrypted config file and used by the program. If it works every 10 mins, then there is no problem with the program sending the password for the FTP user. And no system user is typing in the password incorrectly. Hence the question here is: what do we need to check at our end?
How do we interpret the "530 Login incorrect." error message? Can anyone suggest what we have to do here? Has the SA changed any setting on the FTP server? What can we ask them to check at the OS level or for the FTP service?
If the output of any command is needed or if any running service needs to be checked, let me know.

Linux - 550 Access denied - Invalid HELO name(See RFC2821 4.1.1.1)

I am trying to send an email via a Linux server but I never receive it. I'm currently using PuTTY and I use
# php -r 'mail("*****#gmail.com","Test subject", "Test Message","From: *****#gmail.com");'
Then I go check my message with
cat /var/spool/mail/
and I get this
----- The following addresses had permanent fatal errors -----
<****#gmail.com>
(reason: 550 Access denied - Invalid HELO name (See RFC2821 4.1.1.1))
----- Transcript of session follows -----
... while talking to domain.ca.:
>>> MAIL From:<*****#****> SIZE=568
<<< 550 Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
554 5.0.0 Service unavailable
I searched on the web and I can't find an answer.
Some people say it's an authentication problem, but they are talking mainly about Outlook.
I don't know if it helps, but when I telnet in and send EHLO I get this
# telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 *** ESMTP Sendmail 8.14.4/8.14.4; Fri, 27 Sep 2013 14:47:10 -0400
# ehlo localhost
250-****Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
I think it's missing
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
I don't know if that is why I get my error and can't send an email. If yes, I don't know what to do to make this appear.
Can someone help me please? I'm new to Linux and PHP mail.
If it's a VPS or a dedicated server, try changing the hostname to something resolvable, like server#mydomain.com, with valid A records for the same.
I found the following website useful
How to fix Invalid HELO Name error
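As an added example (not from the post or the linked site), a Python check for what RFC 2821 4.1.1.1 expects of the EHLO/HELO argument: a fully qualified name that resolves, or a bracketed address literal. The DNS lookup is injectable, and FAKE_DNS with server.example.com is a constructed table so the check runs offline.

```python
import re
import socket

# Constructed stand-in for DNS so the example runs offline; a real check
# would leave the default socket.gethostbyname in place.
FAKE_DNS = {"server.example.com": "203.0.113.5"}

def fake_resolve(name):
    try:
        return FAKE_DNS[name]
    except KeyError:
        raise socket.gaierror(f"{name}: Name or service not known")

LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
LITERAL_RE = re.compile(r"^\[(\d{1,3}(?:\.\d{1,3}){3})\]$")

def helo_name_ok(name, resolve=socket.gethostbyname):
    """RFC 2821 4.1.1.1: the EHLO/HELO argument is the client's fully qualified
    domain name, or an address literal such as [203.0.113.5] when it has none.
    A single-label name like 'localhost' fails both tests, which is what a
    '550 Invalid HELO name' from the receiving MTA points at."""
    m = LITERAL_RE.match(name)
    if m:
        return all(0 <= int(octet) <= 255 for octet in m.group(1).split("."))
    labels = name.split(".")
    if len(labels) < 2 or not all(LABEL_RE.match(lab) for lab in labels):
        return False
    try:
        # sendmail announces its own hostname ($j) here, so that name needs an A record.
        resolve(name)
    except OSError:
        return False
    return True
```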

sendmail never sends mail. Always deferred

I'm working on a Debian Squeeze domU (Xen virtualized) called webserv (the output of hostname) and want to send mail using sendmail.
The user name of the user logged in the box is: username
I changed the hostname to a FQDN (mydomain.com).
I go with the default sendmail conf (removing the masquerade stuff from /etc/mail/sendmail.mc).
When I try to send a mail from the command line (sendmail ... -f user#mydomain.com receiver#otherdomain.com) the mail is always deferred:
webserv sendmail[3694]: q2P2nP4M003694: Authentication-Warning: mydomain.com: username set sender to user#mydomain.com using -f
webserv sendmail[3694]: q2P2nP4M003694: from=user#mydomain.com, size=2124, class=0, nrcpts=1, msgid=<d9dc266122bf46d87b59e20cbd0c7432#www.mydomain.com>, relay=username#localhost
webserv sm-mta[3695]: q2P2nPOE003695: from=<user#mydomain.com>, size=2315, class=0, nrcpts=1, msgid=<d9dc266122bf46d87b59e20cbd0c7432#www.mydomain.com>, proto=ESMTP, daemon=MTA-v4, relay=localhost.localdomain [127.0.0.1]
webserv sendmail[3694]: q2P2nP4M003694: to=receiver#otherdomain.com, ctladdr=user#mydomain.com (1001/1001), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=32124, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (q2P2nPOE003695 Message accepted for delivery)
webserv sm-mta[3697]: q2P2nPOE003695: to=<receiver#otherdomain.com>, delay=00:00:42, xdelay=00:00:42, mailer=relay, pri=122315, relay=26, dsn=4.0.0, stat=Deferred
However, if I flush the queue (force the mail to be sent), the mail is successfully sent.
I tried to bypass my problem by using my dedicated mail server box (another domU on the same network as this one, running Debian Squeeze and using Postfix as MTA, working fine) as a smarthost, but the mail never used the smarthost.
So if you have any advice I'll be glad to hear it.
Regards
PS: It is required that the MTA on the webserv domU is sendmail
I didn't solve the problem with sendmail-mta; however, I found out that Postfix uses "sendmail" as its binary name. So I uninstalled sendmail and installed Postfix, which worked fine out of the box.
I specified I wanted the sendmail MTA because I needed the name of the binary to be sendmail.
So question closed.
